2 April 2009 - Opening Address By Mr Peter Ho, Head Of Civil Service And Chairman, National Infocomm Security Committee. At The Information Security Seminar 2009, Suntec Singapore International Convention & Exhibition Centre
Opening Address By Mr Peter Ho, Head Of Civil Service And Chairman, National Infocomm Security Committee, At The Information Security Seminar 2009, On 2 April 2009,9.00am, At The Suntec Singapore International Convention & Exhibition Centre
Need for Sustained Investment in Infocomm Security
1. I am glad to see the good turn-out this morning. I am particularly heartened by the strong participation of the private sector. This is important as the public and private sectors have to work in partnership to build and maintain Singapore as a secure and trusted hub. I congratulate AISP for co-organising the seminar with IDA for the first time this year.
2. The current global economic downturn has impacted the business landscape in Singapore. The infocomm industry has not been spared. During such challenging times, it is common for organisations to reposition their business strategies and review their infocomm priorities. However, I would urge all organisations to continue with their infocomm security efforts. This will help preserve your readiness to seize new opportunities when the economy recovers.
Information Security Threats in a Changing World
3. We live in a fast-changing world. Infocomm technology is a strategic business enabler and a key catalyst for change and improvement. Infocomm security is also a dynamic field. New and ever more challenging threats emerge all the time. Whenever new innovations are rolled out, malware targeting vulnerabilities in these new technologies can expect to follow very soon. Let me cite a few examples.
4. The pervasive use of mobile infocomm devices, such as thumb-drives, smart-phones, and MP3 players, has opened new opportunities for hackers to embed malware into these devices. As people use these devices to share data, music and pictures, there is a risk that they will inadvertently spread the infectious malware to other computers.
5. Secondly, social engineering techniques are now being applied to exploit user behaviour. These techniques essentially take advantage of instinctive human behaviour to achieve their malicious goals. An example is scareware, which employs unethical practices to scare and trick victims into downloading dangerous malware.
6. The reality is that cyber threats will continue to evolve. They will continue to afflict users as our work and life become increasingly infocomm-enabled. However with the collaboration of the public-private-people sectors, we can better protect ourselves against such threats.
The Government Takes the Lead
7. Given the importance of infocomm security, the Government takes the lead in securing our national infocomm infrastructure. Indeed, this is what the Infocomm Security Masterplans seek to address. The first Infocomm Security Masterplan was launched in 2005. We are now into the second five-year Infocomm Security Masterplan, or MP2, that was launched a year ago. We are beginning to see results from these efforts.
8. According to IDA's 2008 Annual Infocomm Usage by Enterprise Survey, 9 out of 10 enterprises indicated their confidence in Singapore as a trusted environment to conduct business in cyberspace. There has been a significant improvement in the adoption of infocomm security measures by enterprises. For example, the adoption of virus checking and protection software has risen by 8%. The adoption of anti-spyware and firewall protection has both increased by 9%. However, there is still a lot of room for improvement. I would urge all enterprises and users to put in place security measures, if you have not already done so.
9. Since the launch of MP2 last year, new programmes have been initiated by the Government. I would like to take this opportunity to highlight a few of them.
Securing the Infocomm Sector
10. An area of focus under MP2 is the strengthening of the security of our Internet infrastructure in Singapore. As with all countries, Singapore is increasingly reliant on the Internet. We are now one of the most wired nations in the world. According to IDA, our household broadband penetration rate has crossed the 100% mark in January 2009.
11. We have to increase the resilience of our Internet infrastructure against cyber attacks. While the Internet Service Providers or ISPs are already paying due attention to security issues today, much more can be done to fortify our infrastructure against debilitating threats, such as Distributed Denial-of-Service or DDoS attacks. IDA is engaging the ISPs to co-create sustainable infocomm security measures, and to share cyber threat information.
Securing the Government Sector
12. MP2 continues to focus on reinforcing the security and resilience of our government systems and services. Singapore is recognised as a leader in e-government, winning many international awards and topping numerous e-government rankings. The most recent is the 2009 Waseda University International e-Government Ranking, in which Singapore emerged top.
13. Cyber threats constantly evolve. This means that the Government will have to commit resources on a continuing basis to mitigate emerging threats that can affect service availability.
14. There will also be initiatives to enhance the level of security situational awareness across the public sector. Over the years, the Government has put in place various security measures. One example is the Cyber-Watch Centre that all our Government agencies subscribe to, which has improved our cyber threat detection capability. By further enhancing the analysis of data collected through these measures, we will have a better understanding of the overall infocomm security landscape. This will in turn help us to put in place timely and appropriate infocomm security measures and programmes.
The Government Partners with the Industry
15. While the Government takes the lead, industry has an important partnership role in building and enhancing our infocomm security capabilities. This is exemplified through our joint efforts in enhancing the competencies of infocomm security professionals and promoting infocomm security among enterprises.
Association of Information Security Professionals
16. The formation of the Association of Information Security Professionals, or AISP, was announced at last year's Seminar. AISP is a joint initiative between the IDA and the Singapore Computer Society. It aims to transform infocomm security into an even more distinguished profession and build a critical pool of competent infocomm security professionals. In fact, this seminar is co-organised by IDA and AISP to achieve greater impact and outreach to infocomm professionals in both the public and private sectors. Since its inception, the AISP has made considerable progress.
17. AISP is now developing a comprehensive Infocomm Security Professionals Roadmap and a Body of Knowledge. The Roadmap outlines clear pathways of certification, qualifications and competencies needed for an infocomm security professional. The objective of the Body of Knowledge is to serve as a framework for educating and testing the competence of aspiring infocomm security professionals. These two resources will form the foundation of a professional certification programme to be launched by AISP later this year. A key feature of this certification is that it has a global focus, not just a national one. It will require professionals to be conversant not only with Singapore infocomm security related laws and regulations but also with internationally recognised industry best practices.
18. AISP is gaining support of infocomm security professionals. The members enjoy the benefit of its programmes and the recognition of being members of their profession. I strongly encourage all infocomm security professionals to join AISP and benefit from its various initiatives.
National Infocomm Scholarship for Infocomm Security
19. IDA collaborates with the industry to ensure a continuous pipeline of infocomm security talent exists to meet market needs.
20. In partnership with a number of public and private sector organisations, IDA offers the National Infocomm Scholarship for Infocomm Security to our top students who wish to specialise in this field. These organisations include BT Frontline, the Centre for Strategic Infocomm Technologies, e-Cop, Singapore Power, Singapore Telecommunications, Symantec and IDA. These organisations will start their selection of scholars to major in infocomm security this month.
21. IDA also works with the industry to promote infocomm security among the Small and Medium Enterprises or SMEs. This sector plays a crucial role in the economic development and employment creation in Singapore.
22. With the current economic climate, many SMEs will find it challenging to invest in infocomm security. SMEs may therefore wish to take advantage of the various initiatives under IDA's Infocomm@SME programme.
23. For example, SMEs requiring advice or technical resources to address their infocomm security needs can approach any of the two SME Infocomm Resource Centres, or SIRCs. These SIRCs are located at the Singapore Polytechnic and the Singapore Chinese Chamber of Commerce & Industry. Their advisory services are provided from as low as five dollars.
24. SMEs can also leverage on the SME Infocomm Package initiative to acquire software applications for their operational and security needs. Through this package, SMEs can pick from a range of attractively-priced infocomm software, bundled with security protection, and complete with one-stop customer support services.
Work Together to Uphold Infocomm Security
25. Singapore has come a long way since the early days of our national computerisation effort in the 1980s. Today, infocomm technology is an integral part of the way we live, learn, work and play. The public, private and people sectors must continue to work together to sustain our efforts in upholding infocomm security. Only then can we ensure that Singapore remains a secure and trusted hub.
26. The organisers of this seminar have put together a rich programme spanning two days - a series of speaker sessions and panel discussion here today, and a full day workshop at the Nanyang Polytechnic tomorrow. I am confident that you will benefit from the quality programmes lined up. I wish all of you a fruitful seminar.
27. Thank you.